I've configured a nice little linux firewall machine here. It's got eth1 for the internal network (10.0.0.*), and eth2 for the external network (65.130.27.69/27). eth0 is not currently being used. (I'm using fake IP addresses, by the way. I don't know who has these.)

I've got all the iptables stuff done and set properly with DNAT, it all works just fine and I've updated the /etc/sysconfig/iptables. All good.

Here's where it gets fun. We've got a bunch of IPs here, and another server wants to receive port 80 traffic, but on a different IP. I added the rule to iptables, then added the secondary IP to eth2 like so:

Now device eth2 listens to two IP addresses, .69 and .70. All good, works just fine. The firewall routes traffic as it should, the internal server receives traffic as it should.

Then, one day, for unknown reasons, the firewall machine was rebooted. It had been a few years since I originally set it up, so I had completely forgotten about this secondary IP address. Later, people started complaining that such-and-such service wasn't working. It wasn't working because the firewall machine came back up without the secondary IP address, the .70 one above. So I, once again, manually added it with the above magic command.

Here's the question: How do I set this machine to automatically add the secondary IP address upon boot-up?

Some solutions I've already come up with:

I've already added this magic command to /etc/rc.d/rc.local:

# ip addr add 65.130.27.70/27 dev eth2 broadcast 65.130.27.79

and I'm pretty sure that it'll work if (or when) it's ever rebooted again. However, I ran across these docs: